[tac_plus] What part of tac_plus daemon configuration does "aaa authorization exec default group tacacs+" command in Cisco IOS TACACS+ client check?

Martin T m4rtntns at gmail.com
Thu Apr 16 10:38:40 UTC 2015


Krux,

I think it is bit more than just the privilege level. Looks like it is
the whole "service = exec" configuration snippet which specifies for
example "autocmd" or "idletime" besides "priv-lvl".


regards,
Martin

On 4/14/15, Krux <krux at thcnet.net> wrote:
> Authorization exec is used to tell the Cisco device to use the privilege
> level specified by the TACACS+ server when logging in. For example privilege
> level 15. This means you don't have to issue the enable command.  It is also
> required if you want to use features like the scp server to push firmware to
> your device, since the scp server requires that your exec level be 15 on
> login.
> perl -e 's==UBER?=+y[:-o]}(;->\n{q-yp-y+k}?print:??;-p#)'
>
> On April 13, 2015 1:54:37 AM PDT, Martin T <m4rtntns at gmail.com> wrote:
>>Hi,
>>
>>in Cisco IOS TACACS+ client there is a command "aaa authorization exec
>>default group tacacs+". Am I correct that all this command does is to
>>force TACACS+ client to take account the "service = exec"
>>configuration snippet in tac_plus daemon configuration file? For
>>example:
>>
>>service = exec {
>>  priv-lvl = 15
>>  autocmd = "show version"
>>}
>>
>>
>>thanks,
>>Martin
>>_______________________________________________
>>tac_plus mailing list
>>tac_plus at shrubbery.net
>>http://www.shrubbery.net/mailman/listinfo/tac_plus
>
>
>


More information about the tac_plus mailing list